aspose file tools*
The moose likes Servlets and the fly likes Preventing users from seeing old data using their browser back button Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Preventing users from seeing old data using their browser back button" Watch "Preventing users from seeing old data using their browser back button" New topic
Author

Preventing users from seeing old data using their browser back button

Rob Micah
Ranch Hand

Joined: Aug 30, 2011
Posts: 94
I have a question about the way requests work upon using the back button in a browser. I have 3 servlets. The first has a form that upon submission queries a database and forwards the request on to the second. The second servlet displays information from the results of the database search and displays a form to go to servlet #3. The third servlet displays a link for payment on an external website. What I am attempting to do is prevent the user from using their back button to view out-of-date results from the database in servlets #2 and #3. Servlets #1 and #2 use GET method while #3 uses POST. So the logic is like this:

  • Servlet #1: User submits search form. Store results in HttpSession.
  • Servlet #2: Check for valid HttpSession. Display search results
  • Servlet #3: Check for valid HttpSession. Display link for payment on third party site


  • In servlets #2 and #3 if a valid HttpSession isn't detected up front I am redirecting to the home page. To check for out-of-date information I have added a check in servlet #3 in its request-handler to check the database to make sure the results stored in the session still match what's on the database. If not, invalidate the session and redirect to the homepage. Now if I alter the database, either manually or by making a payment, and use my back button of my browser to back up to servlet #2 it appears that a new request is submitted because I see updated results.

    So my question is this: Is my original request from servlet #1 being re-sent when I use my back button to back up to servlet #2?
    Cole Terry
    Ranch Hand

    Joined: Nov 23, 2011
    Posts: 45
    Rob Micah wrote:
    So my question is this: Is my original request from servlet #1 being re-sent when I use my back button to back up to servlet #2?


    Probably no, because the browser may cache the previous page and it does not re-contact the server when using Back button. Unless you put "no-cache" in the response headers from the Servlet.
    Kumaravadivel Subramani
    Ranch Hand

    Joined: Jul 05, 2008
    Posts: 166

    Yes web browser caches the POST form request details and when to hit F5/Backspace or click on web browser's back button it actually re-sends it. To avoid this there could be more ways but my suggestion is to make a dummy request after POST request (Have stored all data of POST request in httpsession) which actually would go to browser and comes to the servlet. This is to overwrite the web browser cache and valuable requests such as payment request can be stripped out of re-sending. I've implement the solution in my web site long back and working fine. Ensure this method won't be a problem of your performance.


    No pain, No gain.
    OCJP 1.6
    Rob Micah
    Ranch Hand

    Joined: Aug 30, 2011
    Posts: 94
    Even though I didn't set no-cache in the header of servlet #2 it appears that it was sometimes re-sending the GET request. So what I wound up doing was changing that request method from servlet #1 to POST as well. The reason is because most browsers, if not all, will warn the user they are navigating back to a page that received a POST request and the browser will send a new request to the server.
    Kumar Raja
    Ranch Hand

    Joined: Mar 18, 2010
    Posts: 519
        
        2


    Check PRG


    Regards
    KumarRaja

    Michael Kato
    Greenhorn

    Joined: Aug 06, 2010
    Posts: 12
    Kumar Raja wrote:
    Check PRG

    Post-Redirect-Get doesn't solve this at all. Even the example demo at your link allows you to hit back and see the entered data.
    Amit Ghorpade
    Bartender

    Joined: Jun 06, 2007
    Posts: 2716
        
        6

    There are two ways to get about this
    1) Don't allow the browser to cache the page.
    2) Use javascript to work with history.


    SCJP, SCWCD.
    |Asking Good Questions|
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Preventing users from seeing old data using their browser back button